Netwrix, a cybersecurity vendor that makes data security easy, asked 590 IT pros whether and how they review user access permissions. The survey found that 90 per cent of organisations either already periodically review access entitlements or plan to start doing so within three years.
However, most respondents (81 per cent) admit that they perform access reviews manually.
“Manual review is the most unreliable and time-consuming way of keeping permissions up to date,” says Joe Dibley, security researcher at Netwrix. “An email or instant message from some department head confirming access rights usually satisfies neither internal nor external auditors. Moreover, this approach increases the chance of human error — it’s too easy to forget about someone’s answer or miss the email altogether.”
Moreover, in 41 per cent of organisations, IT teams review user access rights not only manually but on their own, without involving business users at all.
“IT teams generally are not in a position to know exactly who needs what access to which IT resources. As a result, the organisation not only does fail to properly enforce least privilege, but the helpdesk is overwhelmed by requests from business users and data owners to update access rights,” comments Dibley.
The respondents who already have a dedicated tool for reviewing user access rights were then asked what they consider to be the biggest benefit of that solution. 49 per cent of them named risk reduction and 28 per cent chose time-savings.
“Automating access reviews reduces cybersecurity risks directly, by ensuring regular update of users’ rights — and indirectly as well: eliminating manual tasks frees up IT teams to focus on other critical activities, like investigating security incidents before they turn into breaches,” adds Dibley.
Netwrix makes data security easy, thereby simplifying how professionals can control sensitive, regulated and business-critical data, regardless of where it resides. More than 11,500 organisations worldwide rely on Netwrix solutions to secure sensitive data, realise the full business value of enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and knowledge workers.
Founded in 2006, Netwrix has earned more than 150 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.